Q-S


Quality of Protection (QoP)
The set of security functions that are applied to what needs to be protected. The QoP can consist of any combination of authentication, privacy, integrity, and nonrepudiation.
Raike Public Key (RPK)
A public key cryptosystem invented by Bill Raike.
Replay attack
An attack in which an attacker captures a message and at a later time re-sends it to a principal. Although the attacker cannot decrypt the message, it may benefit by receiving a service from the principal to whom it is replaying the message (for example, a funds transfer or a login exchange is honoured a second time). The best way to thwart a replay attack is to let the recipient check the freshness of each message: a timestamp, a sequence number, or a random nonce is embedded in the message and bound to it by a MAC or digital signature, and the recipient rejects values that are stale or that it has already seen.
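The check described above, worked through in code. This is an added example, not code from the book: it assumes a shared HMAC key between sender and recipient (a constructed constant here, in practice a session key), a 30-second clock-skew window, and a recipient that remembers nonces only for that window so the replay cache stays bounded. The message layout, the field names and the verdict strings are the example's own choices.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret between the two principals; a real deployment would
# use a negotiated session key (see "Session key"), not a hard-coded value.
SHARED_KEY = b"example-shared-secret-for-illustration-only"
FRESHNESS_WINDOW = 30  # seconds of clock skew the verifier tolerates


def _mac(key, payload, ts, nonce):
    """HMAC-SHA256 over payload, timestamp and nonce, so none can be altered in isolation."""
    data = payload + b"|" + str(ts).encode() + b"|" + nonce.encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_message(payload, key=SHARED_KEY, now=None):
    """Sender side: attach a timestamp, a fresh random nonce and a MAC to the payload."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"payload": payload, "ts": ts, "nonce": nonce, "mac": _mac(key, payload, ts, nonce)}


class Verifier:
    """Recipient side: accepts each authentic, fresh message exactly once."""

    def __init__(self, key=SHARED_KEY, window=FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        # 1. Integrity: verify the MAC before trusting any field (constant-time compare).
        expected = _mac(self.key, msg["payload"], msg["ts"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad mac"
        # 2. Freshness: reject timestamps outside the window. This also bounds how long
        #    nonces must be remembered, so the replay cache cannot grow without limit.
        if abs(now - msg["ts"]) > self.window:
            return False, "stale"
        # 3. Uniqueness: a nonce already seen within the window means a replay.
        self._prune(now)
        if msg["nonce"] in self.seen:
            return False, "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"

    def _prune(self, now):
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
```

The order of the three checks matters: the MAC is verified first so that an attacker cannot use forged timestamps or nonces to probe or fill the replay cache, and the freshness check runs before the nonce lookup so that the cache only ever has to hold one window's worth of nonces.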
Replicator
Any program that acts to produce copies of itself. Examples include worms, fork bombs, and viruses. It is even claimed by some that Unix and C are the symbiotic halves of an extremely successful replicator.
Retrovirus
A virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
Risk
The probability that one or more adverse events will occur.
Risk management
The process of identifying and applying countermeasures commensurate with the value of the assets being protected, based on a risk assessment.
Risk plane
A graphic technique for depicting the likelihood of particular attacks occurring and the degree of consequence to an operational mission.
Rivest Cipher 2 (RC2)
A symmetric block cipher (64-bit block, variable key length) developed by Ron Rivest (the R in RSA). It is obsolete and should not be chosen for new designs.
Rivest Cipher 4 (RC4)
A symmetric stream cipher developed by Ron Rivest (the R in RSA). Once ubiquitous in SSL/TLS and in WEP, RC4 is now considered broken because of statistical biases in its keystream; RFC 7465 prohibits its use in TLS, and it should not be used in new designs.
Robustness
A characterization of the strength of a security function, mechanism, service, or solution, and the assurance (or confidence) that it is implemented and functioning correctly.
Root CA
The Certification Authority (CA) at the top of a certification hierarchy. Its certificate is self-signed, so relying parties must obtain and trust it out of band (for example through an operating system or browser trust store) rather than verifying it against another certificate. The root CA issues digital certificates to subordinate CAs, which in turn issue certificates to end entities. Because compromise of the root key undermines every certificate beneath it, root keys are normally kept offline and used only to sign subordinate CA certificates and revocation data.
Rootkit
A collection of tools that lets an attacker who has already compromised a system keep privileged access to it: install a backdoor, capture passwords and message traffic to and from the computer, collect information on other systems on the network, and mask the fact that the system is compromised, typically by replacing system utilities or, in kernel-level rootkits, by modifying the kernel so that the attacker's files, processes, and network connections are not reported. A rootkit is a classic example of Trojan horse software. Rootkits exist for a wide range of operating systems.
Router-based firewall
A firewall where the security is implemented using screening routers as the primary means of protecting the network.
Routing control
The application of rules during the process of routing so as to choose or avoid specific networks, links, or relays.
RSA
A public key cryptosystem invented by Ron Rivest, Adi Shamir, and Leonard Adleman.
Sandboxed environment
The enforcement of access control by a language runtime such that an applet can only access limited resources. Java applets run in a sandboxed environment in which an applet cannot read or write local files, cannot start or interact with local processes, and cannot load or link with dynamic libraries. Although a sandboxed environment provides good protection against accidental or malicious destruction or abuse of local resources (subject to the runtime itself being free of escape bugs), it does not address the security issues related to authentication, authorization, privacy, integrity, and nonrepudiation.
Sanitization
The changing of content information in order to meet the requirements of the sensitivity level of the network to which the information is being sent.
Scan
An access check performed by software against a set of targets sequentially in order to identify which targets have a specific characteristic.
Scanning
Sending packets or requests to another system to gain information to be used in a subsequent attack.
Screened subnet
A firewall architecture in which a "sandbox" or "demilitarized zone" (DMZ) network is set up between the protected network and the Internet, with direct traffic between the protected network and the Internet blocked; only the DMZ hosts are reachable from outside. Conceptually, this is similar to a dual-homed gateway, except that an entire network, rather than a single host, is reachable from the outside.
Screening router
A router that is used to implement part of the security of a firewall by configuring it to selectively permit or deny traffic at a network level.
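The router-based firewall, screened subnet, and screening router entries above describe one architecture from three angles. The following is an added example, not code from the book, that models the access list of the exterior screening router of a screened subnet as a first-match rule set and evaluates constructed packets against it. The address plan (10.0.0.0/8 internal, 192.0.2.0/24 as the DMZ, an "outside" and an "inside" interface) and the rule and packet field names are the example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan for the example (RFC 1918 and RFC 5737 ranges, not real hosts).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
DMZ = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: int = 0
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    iface: str = "any"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: str = "any"
    dport: Optional[int] = None
    new_conn: Optional[bool] = None    # True: SYNs only; False: non-SYN (established) only

    def matches(self, p: Packet) -> bool:
        return (
            self.iface in ("any", p.iface)
            and ipaddress.ip_address(p.src) in self.src
            and ipaddress.ip_address(p.dst) in self.dst
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.new_conn is None or self.new_conn == p.syn_only)
        )


# Access list of the exterior screening router. First match wins; anything that
# matches no rule is dropped (default deny).
EXTERIOR_ACL = [
    # Anti-spoofing: packets arriving from the Internet may not claim inside addresses.
    Rule("deny", iface="outside", src=INTERNAL),
    Rule("deny", iface="outside", src=DMZ),
    # Only the published DMZ services may be opened from the Internet.
    Rule("permit", iface="outside", dst=DMZ, proto="tcp", dport=80, new_conn=True),
    Rule("permit", iface="outside", dst=DMZ, proto="tcp", dport=443, new_conn=True),
    Rule("permit", iface="outside", dst=DMZ, proto="tcp", dport=25, new_conn=True),
    # Replies to connections opened from inside (non-SYN segments only).
    Rule("permit", iface="outside", dst=DMZ, proto="tcp", new_conn=False),
    Rule("permit", iface="outside", dst=INTERNAL, proto="tcp", new_conn=False),
    # Hosts behind the router may initiate outbound connections.
    Rule("permit", iface="inside", src=INTERNAL),
    Rule("permit", iface="inside", src=DMZ),
]


def screen(acl, packet):
    """Return ('permit'|'deny', index of the matching rule, or -1 for the implicit deny)."""
    for i, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, i
    return "deny", -1
```

Two points the evaluation makes visible: the anti-spoofing rules must come first, or a packet from the Internet with a forged internal source would match the "established reply" rule; and a stateless screening router can only recognise replies by the TCP flag bits, so an attacker who sets ACK on a probe gets past rules 5 and 6 to any port. That weakness is why screening routers are combined with a stateful firewall or proxy rather than used alone.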
Secret key
A key used by a symmetric algorithm to encrypt and decrypt data.
Secure Hypertext Transfer Protocol (S-HTTP)
An extension to the HTTP protocol that protects the privacy and integrity of individual HTTP messages. S-HTTP saw little deployment and is obsolete; HTTP over SSL/TLS (HTTPS) is what is used in practice.
Secure Socket Layer (SSL)
A protocol for establishing an authenticated, encrypted link between a client and a server. A public key certificate authenticates the server (and optionally the client), and the public key system is used to agree on a symmetric session key that then protects the data. SSL has been superseded by Transport Layer Security (TLS); SSL 2.0 and 3.0 are deprecated and should be disabled.
Secure Single Sign-On (SSSO)
A sign-on methodology that satisfies three related sets of requirements: (1) From an end-user perspective, SSSO refers to the ability to use a single user ID and a single password to log on once and gain access to all resources that one is allowed to access. (2) From an administrative perspective, SSSO allows management of all security-related aspects of an enterprise from a central location, including adding, modifying, and removing users, as well as granting and revoking access to resources. (3) From an enterprise perspective, SSSO provides the ability to protect the privacy and integrity of transactions, as well as to engage in auditable and nonrepudiable transactions. Because one credential opens every resource, its compromise does too, so the single sign-on credential deserves the strongest protection in the enterprise.
Secure hash
A hash function, or its output, such that it is computationally infeasible to find a message that corresponds to a given message digest (preimage resistance) or to find two different messages that produce the same digest (collision resistance).
Secure Hash Algorithm (SHA)
A family of message digest algorithms standardized by NIST. The original SHA-1 digests a message of arbitrary size to 160 bits; the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512) produces longer digests and is what should be used today, since practical collision attacks against SHA-1 have been demonstrated and it is no longer acceptable for digital signatures or certificates. SHA is a cryptographic checksum algorithm.
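The two properties named under "Secure hash" and the reason the digest length in the SHA entry matters can be seen directly with a birthday search. The following is an added example, not code from the book: it truncates SHA-256 to a chosen number of bits as a stand-in for a weak hash (an assumption made for the experiment, not a property of SHA-256) and searches for a collision with random messages. The number of hashes needed grows as the square root of the digest space, which is why 160 bits means roughly 2^80 generic work and 256 bits roughly 2^128.

```python
import hashlib
import math
import os


def truncated_digest(data, bits):
    """SHA-256 of data truncated to its first `bits` bits: a toy hash of adjustable size."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits, max_tries=1 << 22):
    """Generic birthday search: hash random messages until two distinct ones collide.
    Returns (m1, m2, tries) or None if max_tries is exhausted. Needs no knowledge of the
    hash's internals, which is what "generic" means here."""
    seen = {}
    for tries in range(1, max_tries + 1):
        m = os.urandom(8)  # constructed random message
        d = truncated_digest(m, bits)
        if d in seen and seen[d] != m:
            return seen[d], m, tries
        seen[d] = m
    return None


def expected_tries(bits):
    """Birthday bound: about sqrt(pi/2 * 2^bits) hashes for a 50% chance of a collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)
```

With 24 bits a collision appears after a few thousand hashes, with 32 bits after roughly eighty thousand; each added bit of digest multiplies the generic collision cost by the square root of two, not by two. A finding preimage, by contrast, costs about 2^bits tries, which is why collision resistance is the property that fails first and why the demonstrated SHA-1 collision attacks (around 2^63 work, far below the 2^80 generic bound) retired it for signatures.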
Secure Multipurpose Internet Mail Extensions (S/MIME)
A version of the MIME protocol that supports digitally signed and encrypted messages. S/MIME is based on RSA's public-key encryption technology and uses X.509 certificates to identify correspondents.

See also Multipurpose Internet Mail Extensions (MIME).

Secure Sockets Layer (SSL)
A protocol, often described as a session layer protocol, that sits between TCP and the application protocol and provides authentication of the server (optionally of the client), confidentiality, and integrity to applications. It uses a connection-oriented end-to-end encryption scheme to secure data traffic between a client and a server or between peers. Its successor, TLS, keeps the same design; the name "SSL" survives mainly in product and library names.
Security administrator
Person responsible for the security of information and information technology. Sometimes, this function is combined with systems administrator.
Security Management Infrastructure (SMI)
A set of interrelated activities providing security services needed by other security features and mechanisms; SMI functions include registration, ordering, key generation, certificate generation, distribution, accounting, compromise recovery, rekey, destruction, data recovery, and administration.
Security mechanism
A piece of software that provides any combination of security functionalities, including authentication, privacy, integrity, nonrepudiation, delegation, audit, and authorization. A mechanism uses cryptographic functions and exports its services using an API.
Security policy
What security means to the user; a statement of what is meant when claims of security are made. More formally, the set of rules and conditions governing the access and use of information. Typically, a security policy refers to the conventional security services, such as confidentiality, integrity, availability, and so on, and perhaps their underlying mechanisms and functions.
Security Support Programming Interface (SSPI)
A programming interface developed by Microsoft Corporation through which two applications can establish a security context independent of the underlying security mechanism (for example Kerberos, NTLM, or Schannel). SSPI is very similar to the GSS-API.
Security Target (ST)
A set of security requirements and specifications drawn from the Common Criteria for information technology security evaluation to be used as the basis for evaluation of an identified target of evaluation.
Session key
A temporary symmetric key that is only valid for a short period. Session keys are typically random numbers that can be chosen by either party to a conversation, by both parties in cooperation with one another, or by a trusted third party.

See also Kerberos.

Signature
A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.
Signed applet
An applet that is digitally signed by the source that provides it. Signed applets are integrity-protected: any tampering en route from the server to the browser is detected when the signature is verified. A valid signature establishes who published the code, not that the code is safe; because browsers historically granted signed applets privileges beyond the sandbox, the trust decision rests entirely on the signer's certificate and on the user who accepts it.
Simple Key Management for IP (SKIP)
A protocol for protecting the privacy and integrity of IP packets.
SmartCard
A tamper-resistant hardware device on which sensitive information can be stored. Typically, a SmartCard stores the private key(s) of a principal. SmartCards can also be used to sign, encrypt, or decrypt data directly on the card, so that a private key generated on the card never leaves it. This has the desirable effect of not exposing the private keys, even to the owner of the key. SmartCards are PIN (password) protected; in order for an application to use the keys and functions of a SmartCard, the user must enter the correct PIN to unlock the card, and repeated wrong entries normally lock it.
Smurfing
A denial-of-service attack in which the attacker sends an Internet Control Message Protocol (ICMP) echo-request (ping) packet whose source address is spoofed to be the victim's address and whose destination is the broadcast address of a network, causing every machine on that network to reply to the victim en masse and flood its link with ICMP traffic. The attack is defeated at the amplifier by configuring routers not to forward directed broadcasts (the default since RFC 2644) and at the source by filtering packets with spoofed source addresses (ingress filtering, BCP 38).
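Detection logic for the attack just described, as an added example that is not part of the book. It assumes a sensor that sees ICMP packets summarised as (timestamp, source, destination, ICMP type) records, a constructed local subnet 192.0.2.0/24 acting as the amplifier, and a constructed capture in which one spoofed request to the subnet's broadcast address produces forty replies to the victim; the thresholds and function names are the example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan (RFC 5737 ranges): our subnet is the would-be amplifier.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ECHO_REPLY, ECHO_REQUEST = 0, 8


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of a local subnet: a packet a router should
    drop rather than forward, since forwarding it is the amplification step of a smurf."""
    ip = ipaddress.ip_address(dst)
    return any(ip == net.broadcast_address for net in LOCAL_NETS)


def find_amplification_victims(packets, window=1.0, min_sources=20):
    """packets: iterable of (ts, src, dst, icmp_type) records as seen by a sensor.
    Returns {victim: distinct_sources} for every address that received echo replies
    from at least min_sources distinct hosts within `window` seconds, counting only
    replies for which no matching request from that address was observed."""
    requests = set()              # (src, dst) pairs of echo requests seen
    replies = defaultdict(list)   # dst -> [(ts, src)] of unsolicited echo replies
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REQUEST:
            requests.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requests:
            replies[dst].append((ts, src))
    victims = {}
    for victim, events in replies.items():
        events.sort()
        best = 0
        for i, (t0, _) in enumerate(events):
            sources = {s for t, s in events[i:] if t - t0 <= window}
            best = max(best, len(sources))
        if best >= min_sources:
            victims[victim] = best
    return victims


def sample_packets():
    """Constructed capture: one normal ping exchange, then a smurf burst in which a
    single request with a spoofed source (the victim) sent to 192.0.2.255 triggers
    40 replies from hosts on the subnet to the victim."""
    pkts = [(0.0, "192.0.2.10", "198.51.100.7", ECHO_REQUEST),
            (0.1, "198.51.100.7", "192.0.2.10", ECHO_REPLY)]
    victim = "203.0.113.5"
    pkts.append((5.0, victim, "192.0.2.255", ECHO_REQUEST))  # source address is spoofed
    for i in range(40):
        pkts.append((5.0 + i * 0.01, f"192.0.2.{i + 20}", victim, ECHO_REPLY))
    return pkts
```

The spoofed request is itself recorded as a request, but it is keyed on (victim, broadcast address), so the replies from individual hosts still count as unsolicited: the signature of the attack is many replies to one address that never asked any of them. The same detector flags other reflection attacks that use echo replies, which is why it keys on the absence of a matching request rather than on the broadcast destination alone.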
Sniffer
A software tool used for capturing and auditing network traffic packets. Designed to capture data across a computer network, it is often used by hackers to capture user IDs and passwords that protocols send in cleartext; the defence is to encrypt the traffic, since a sniffer on a shared or compromised segment cannot be detected reliably.
Social engineering
1. An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. 2. An attack based on deceiving users or administrators at the target site that is typically carried out by an adversary telephoning users or operators and pretending to be an authorized user to attempt to gain illicit access to systems.
SOCKS
A networking proxy protocol that enables full access across the SOCKS server from one host to another without requiring direct IP accessibility. The SOCKS server authenticates the client, authorizes the request, establishes a proxy connection, and relays the data. SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts. Note that SOCKS relays whatever the client sends; it provides no encryption of its own and gives an attacker who can authenticate to it a convenient pivot, so the authorization rules matter.
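The authenticate-authorize-relay sequence above, shown on the wire for SOCKS version 5 (RFC 1928, with username/password authentication per RFC 1929). This is an added example, not code from the book: it encodes and parses the greeting, the CONNECT request and the reply, and applies a constructed authorization ruleset (only ports 80 and 443, never back into 10.0.0.0/8). The constant names, the ruleset and the hosts used are the example's own assumptions.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NO_AUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
REP_SUCCESS, REP_NOT_ALLOWED, REP_CMD_NOT_SUPPORTED = 0x00, 0x02, 0x07

# Constructed authorization ruleset for the example proxy.
ALLOWED_PORTS = {80, 443}
BLOCKED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # never proxy back into the LAN


def choose_method(greeting):
    """Server side of method negotiation; greeting is VER, NMETHODS, METHODS...
    Require username/password and refuse clients that only offer anonymous access."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    return METHOD_USERPASS if METHOD_USERPASS in greeting[2:] else METHOD_NONE_ACCEPTABLE


def encode_connect(host, port):
    """Client side: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT for a CONNECT to host:port."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("domain name length must fit in one byte")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(data):
    """Server side: return (cmd, host, port); raise ValueError on anything malformed."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        raise ValueError("malformed request header")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        end = 8
        host = str(ipaddress.IPv4Address(data[4:end]))
    elif atyp == ATYP_IPV6:
        end = 20
        host = str(ipaddress.IPv6Address(data[4:end]))
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("missing domain length")
        end = 5 + data[4]
        host = data[5:end].decode("idna")
    else:
        raise ValueError("unknown address type")
    if len(data) != end + 2:
        raise ValueError("request length does not match address type")
    (port,) = struct.unpack("!H", data[end:])
    return cmd, host, port


def authorize(cmd, host, port):
    """The authorization step: return the reply code the server should send."""
    if cmd != CMD_CONNECT:
        return REP_CMD_NOT_SUPPORTED
    if port not in ALLOWED_PORTS:
        return REP_NOT_ALLOWED
    try:
        if any(ipaddress.ip_address(host) in net for net in BLOCKED_NETS):
            return REP_NOT_ALLOWED
    except ValueError:
        pass  # domain name: a real proxy must re-check the address after resolving it
    return REP_SUCCESS


def encode_reply(rep, bind_ip="0.0.0.0", bind_port=0):
    """Server reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    ip = ipaddress.ip_address(bind_ip)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([SOCKS_VERSION, rep, 0x00, atyp]) + ip.packed + struct.pack("!H", bind_port)
```

The domain-name address type is the one to watch: the proxy resolves the name itself, so an authorization check made on the name alone can be bypassed by a name that resolves to an internal address. The check must be repeated on the resolved address before the connection is opened.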
Spam
The act of indiscriminately sending unsolicited, unwanted, pornographic, or otherwise inappropriate messages en masse over a network, usually for advertising purposes.
Spoofing
Unauthorized use of legitimate logon data in order to mimic a subject and mask the existence of an attacker (a.k.a. impersonating, masquerading, piggybacking, and mimicking). More generally, forging any identifier that a system uses to decide whom it is talking to, such as an IP source address, a MAC address, or an e-mail sender, as in the spoofed source address of a smurf attack.
Strength of encryption
The strength of encryption is measured by the amount of effort needed to break a cryptosystem. As a first approximation this is measured by the length of the key used for encryption, but the figure is algorithm dependent: a 56-bit key for DES and a 512-bit modulus for RSA were once quoted as minimums, yet both are too short today (56-bit DES keys have been brute-forced and 512-bit RSA moduli factored), and current guidance calls for at least 128-bit symmetric keys and 2048-bit RSA moduli. Key length is also only an upper bound on strength: a weak algorithm, a flawed implementation, or poor key management breaks a system long before exhaustive search does.
Strength of Mechanism (SML)
A scale for measuring the relative strength of a security mechanism hierarchically ordered from SML 1 through SML 3.
Subversion
A scenario that occurs when an intruder subverts the operation of an intrusion detection system to force false negatives to occur.
Symmetric algorithm
An algorithm in which the same key is used for encryption and decryption, so the key must be shared secretly between the communicating parties in advance or agreed through a key exchange.
System Security Authorization Agreement (SSAA)
The SSAA is the formal agreement among the DAA(s), certifier, user representative, and program manager. It is used throughout the entire DoD DITSCAP to guide actions, document decisions, specify IA requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security.



Wireless Operational Security
ISBN: 1555583172
Year: 2004
Pages: 153